Beware! Your Follower on FB Could be a Scamster
Fraudsters either demand money for restoring account or take control of page
Bengaluru: Ruchita Sitlani, along with her sister Reeva, had just stepped out of her home in Mumbai for coffee on August 30 when her phone rang. “This is a call from the cyber crime department. Your Instagram account has been reported for abuse by 948 people and will be deleted in a day’s time. If you don’t want your account to be suspended, please link your personal email id to the account instead of your official business ID” the caller said in a brusque voice. The Sitlanis run Love At First Sight, an online gift shop for women in Mumbai, which has12,000 followers on Instagram and 1,000 on Facebook.
At about the same time, in Vadodara, Mittal Brahmbhatt, who runs The Closet, a women’s clothing store with 1,800 Facebook followers and 31,000-plus on Instagram, got a similar call asking her to share the one-time password (OTP) sent to her phone.
Both calls originated from the same number and made similar threats. “The man claimed to be from the ‘cybercrime centre’ of Mumbai and asked me to share the OTP for verification of our Facebook page with him, threatening that else our business pages will be deleted by Facebook and Instagram within 24 hours,” said Brahmbhatt.
Brahmbhatt didn’t share any password and cut the call immediately. But Sitlani caved in. “I was shaking with fear thinking it was a call from Facebook. So, in the heat of the moment, I changed the official email ID of my Instagram account to my personal ID. Within half an hour, that person changed all the details of our page and changed the number and email attached to our page,” she told ET.
Sitlani is a victim of a scam that involves hijacking the Facebook and Instagram accounts of users and demanding payment for their restoration. There are two ways the scam works. One, every Facebook account is linked to an email ID and phone number. The scamster requests an OTP by clicking on the 'forgot password' link. The scamster then makes a call to the account owner, pretending to be from the “cybercrime centre”, demanding the OTP be shared. Once the account owner shares the password, the scamster uses it to change the email ids and phone numbers. The page with all the likes, followers and content now belongs to the scamster.
Two, the scamster calls the victim, threatens them to add a personal email id — which can be more easily hacked as compared to a business email service — to their Instagram and Facebook pages. After the call, the scamster hacks into the personal email account and takes control of their accounts. This type of attack can be carried out by using a large set of words like date of birth, email address and other details of the person online to figure out the email password. Online tools are easily available for these hacks.
Sitlani reached out to the local police station in Mahim on
TRACKING CYBER CRIME
the very day her account was hacked. She registered a complaint and was asked to go to the cybercrime centre in Bandra Kurla Complex Road for further help. Ten days later, there has been no progress in the case, Sitlani told ET.
She emailed Facebook, but got a reply saying, “It doesn’t look like we can help you with the problem you are having from here.” The company also shared a link to their help centre, according to Sitlani.
ET wrote to Facebook seeking details of any complaints it might have received about such hacks and how it addresses them. “Protecting people’s personal information is important to us, and that's why security is built into every Facebook product and design. Our security systems run in the background millions of times per second to help catch threats and remove them before they even reach people,” said a Facebook spokesperson in an email response. “We encourage people to be cautious about sharing their personal or account information without verifying the identity of the requester, and to report suspicious messages using the easy-to-find links across our service.”
Social network users are now turning to cybersecurity firms to help deal with such issues. Baroda-based Jigar Tewar, a software developer, who runs a page called Baroda Rocks with 42,000 followers on Facebook, said, “I had developed this page four years ago and on August 28, I got a threatening call asking for certain details. I was afraid and shared the OTP with the caller and he immediately hacked into my Instagram and Facebook pages.” Soon, Tewar got a call asking for .₹ 5,000 to get the page back. Tewar reached out to Manan Shah, CEO of cyber security firm Avalance Global Solutions, for help. Shah told ET that his team “reached out to people at Facebook and helped Jigar take back ownership” of his Facebook Account.
“Jigar’s case is not a one-off. I have got at least four other inquiries from people whose Facebook or Instagram accounts have been hacked,” said Shah, adding the same person has been calling up other people to sell stolen Facebook and Instagram accounts with 15,000-plus followers and likes. “One like gets sold at .₹ 2 sometimes and there are many people on Facebook and Instagram who will give you 1,000 likes to a million likes for a certain price. It’s a fish market for Facebook pages and Instagram accounts,” he added.
For Sitlani, the threatening calls from the same number continued. “He had the audacity to ask me for .₹ 5,000 for getting my page back. I refused and he came down to .₹ 1,000,” she said. When ET called the number of the fraudster pretending to be a potential buyer of Facebook pages with a sizeable following, he agreed to sell the pages of people with the substantial following at prices varying from .₹ 350 for a following of 1,000 to .₹ 20,000 for a following of 50,000. When asked about his connections with the “cybercrime centre”, he responded with the abuses in Hindi. “How does it matter whether I am from cybercrime of any city? I can give 1 million followers on Wednesday. I have many pages with me. Just transfer money to my Paytm account,” he said. Experts said a grievance officer based in India might be able to solve such complex cases faster.